scispace - formally typeset
Search or ask a question
Topic

Rotational cryptanalysis

About: Rotational cryptanalysis is a research topic. Over the lifetime, 26 publications have been published within this topic receiving 491 citations.

Papers
More filters
Book ChapterDOI
07 Feb 2010
TL;DR: This paper analyzes the security of systems based on modular additions, rotations, and XORs (ARX systems) and proves that ARX with constants are functionally complete, i.e. any function can be realized with these operations.
Abstract: In this paper we analyze the security of systems based on modular additions, rotations, and XORs (ARX systems). We provide both theoretical support for their security and practical cryptanalysis of real ARX primitives. We use a technique called rotational cryptanalysis, that is universal for the ARX systems and is quite efficient. We illustrate the method with the best known attack on reduced versions of the block cipher Threefish (the core of Skein). Additionally, we prove that ARX with constants are functionally complete, i.e. any function can be realized with these operations.

144 citations

Journal ArticleDOI
TL;DR: In this paper, the concept of an RX-difference was introduced, which generalizes the idea of a rotational difference, and it was shown how RXdifferences behave around modular addition.
Abstract: Rotational cryptanalysis is a statistical method for attacking ARX constructions. It was previously shown that ARX-C, i.e. , ARX with the injection of constants can be used to implement any function. In this paper we investigate how rotational cryptanalysis is affected when constants are injected into the state. We introduce the notion of an RX-difference, generalizing the idea of a rotational difference. We show how RX-differences behave around modular addition, and give a formula to calculate their transition probability. We experimentally verify the formula using Speck32/64, and present a 7-round distinguisher based on RX-differences. We then discuss two types of constants: round constants, and constants which are the result of using a fixed key, and provide recommendations to designers for optimal choice of parameters.

48 citations

Journal Article
TL;DR: This paper applies a new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition, and formally proves that such a property cannot be found for an ideal cipher within the complexity limits of the attack.
Abstract: In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core--the cipher Threefish, and made the designers to change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.

47 citations

Book ChapterDOI
21 Jul 2014
TL;DR: This work presents several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON, and exploits a connection between linear and differential characteristics for SIMON to constructlinear characteristics for different variants of reduced- round SIMON.
Abstract: SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with \(K\)-bit key and \(N\)-bit block is called SIMON\({N}/{K}\). We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity \(2^{123}\). We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.

45 citations

Journal Article
TL;DR: In this article, a preimage attack on 4-round Keccak and a 5-round distinguisher on the main building block of KCCAK hash function is presented.
Abstract: In this paper we attack round-reduced Keccak hash function with a technique called rotational cryptanalysis. We focus on Keccak variants proposed as SHA-3 candidates in the NIST’s contest for a new standard of cryptographic hash function. Our main result is a preimage attack on 4-round Keccak and a 5-round distinguisher on Keccak-f[1600] permutation — the main building block of Keccak hash function.

40 citations

Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
83% related
Public-key cryptography
27.2K papers, 547.7K citations
81% related
Encryption
98.3K papers, 1.4M citations
79% related
Hash function
31.5K papers, 538.5K citations
78% related
Smart card
25.4K papers, 313.5K citations
78% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
20213
20206
20172
20161
20153
20144